A new lab for practising ISCW topics; thanks to Luca Moretti for participating.
Here is the topology:
Acme GmbH is a trading company that has a central office named "Hannover" (CON6 and CON7) and two branches (CON8 = branch "Bergamo" and CON11+CON1 = branch "Trento").
The connection between Hannover and Trento runs over a FastEthernet link to an ISP named "Majico Connecting World" ;-) (CON2 + CON3 + CON4), with a redundant E1 (serial link) as backup.
Goals of this lab:
-configure routing between the branches and the provider (see topology map). The backup serial link between Hannover and Trento is a leased line; it is expensive and billed by traffic, so be careful and use the ISP as the preferred route!
-do not redistribute ISP internal routes to customers, but generate a default route for each office using BGP
-loopbacks represent the office LANs and have to be routed with the correct netmask
-configure basic MPLS for the ISP routers
-configure various tunnels to secure the branch connections
...more tasks and configurations as soon as possible...
-(optional ONT refresh) configure QoS using NBAR on the link between CON7 and CON8 (both directions), assigning appropriate bandwidth values to the VoIP, SQL, default and scavenger (p2p, kazaa...) classes. The CON8 (Trento) office has 15 Cisco 7940 IP phones using the G.729 codec.
-(optional ONT refresh 2) configure QoS on CON11 to minimize bandwidth waste due to peer-to-peer traffic
Solution config parts:
router ospf 1
no passive-interface FastEthernet0/0
no passive-interface Tunnel0
network 172.17.1.2 0.0.0.0 area 15
network 192.168.0.0 0.0.0.3 area 15 !-- this network is used for tunneling..
router bgp 64815
redistribute ospf 1 match internal
neighbor 172.16.0.22 remote-as 65000
neighbor 172.17.1.1 remote-as 64815
neighbor 172.17.1.1 next-hop-self !-- next-hop-self toward neighbor CON1, because CON1 doesn't have a route to the link between CON11 and CON2
One of the most difficult tasks was using the ISP between CON7 and CON8 instead of the backup serial link... because CON7 and 8 use the same BGP as ...
router bgp 64814
redistribute ospf 1
neighbor 172.16.0.1 remote-as 65000
neighbor 172.16.0.1 allowas-in 1 !-- this accepts prefixes that already carry our own AS in the AS path (here 64814); 1 means one occurrence of the local AS is allowed
neighbor 172.16.0.1 route-map LAN-via-ISP in !--route map to set weight
neighbor 172.17.1.6 remote-as 64814
ip forward-protocol nd
ip http server
no ip http secure-server
ip access-list extended LAN-CON7 !-- matches the internal LANs of CON7 and CON6
permit ip 10.2.0.0 0.0.0.255 any
permit ip 10.3.0.0 0.0.0.255 any
route-map LAN-via-ISP permit 10
match ip address LAN-CON7
set weight 35500 !-- the weight for locally generated routes is 32768, so the higher value of 35500 is preferred and the prefixes are installed in the routing table
The same applies to CON7; only the access-list prefixes (and the BGP neighbor) need to be modified.
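Why the branch router needs both `allowas-in` and the higher weight, as an added Python model (not part of the original lab configs). The candidate paths for 10.2.0.0/24 are constructed, the redistributed OSPF route is assumed to be the one learned over the serial link, and only the weight step of Cisco best-path selection is modelled.

```python
from collections import namedtuple

LOCAL_AS = 64814             # AS used by both CON7 and CON8 (from the page)
ISP_AS = 65000               # ISP AS (from the page)
LOCAL_ORIGIN_WEIGHT = 32768  # IOS weight for locally originated routes
NEIGHBOR_DEFAULT_WEIGHT = 0  # IOS weight for routes learned from a neighbor

# Labels for the two exits are hypothetical names used only in this example.
VIA_SERIAL = "serial link (redistributed OSPF)"
VIA_ISP = "ISP neighbor 172.16.0.1"

Path = namedtuple("Path", "via as_path weight")

def accept_update(as_path, local_as=LOCAL_AS, allowas_in=0):
    """eBGP loop prevention: reject an update whose AS_PATH contains our own
    AS more often than allowas-in permits (0 occurrences by default)."""
    return as_path.count(local_as) <= allowas_in

def best_path(paths):
    """First best-path step only: the highest weight wins."""
    return max(paths, key=lambda p: p.weight)

def select_exit(allowas_in=0, isp_weight=NEIGHBOR_DEFAULT_WEIGHT):
    """Return the exit chosen for the other office's LAN (constructed data)."""
    # Route injected by 'redistribute ospf 1': locally originated, empty AS_PATH.
    paths = [Path(VIA_SERIAL, (), LOCAL_ORIGIN_WEIGHT)]
    # Same prefix originated by the other office and relayed by the ISP,
    # so our own AS already appears once in the AS_PATH.
    isp_as_path = (ISP_AS, LOCAL_AS)
    if accept_update(isp_as_path, allowas_in=allowas_in):
        paths.append(Path(VIA_ISP, isp_as_path, isp_weight))
    return best_path(paths).via

if __name__ == "__main__":
    print("default settings      ->", select_exit())
    print("allowas-in 1 only     ->", select_exit(allowas_in=1))
    print("allowas-in 1 + weight ->", select_exit(allowas_in=1, isp_weight=35500))
```

With `allowas-in` alone the ISP path is accepted but still loses to the locally originated route, which is why the route-map also raises the weight above 32768.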